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L Real Party In Interest 

The real party in interest for this appeal is Sun Microsystems, Inc. ("Sun"). An 

Assignment transferring all interest in the referenced application from the inventors to Sun was 
filed with the USPTO on March 2, 2006. The Assignment is recorded at Reel 017302, Frame 
0814. 

II. Related Appeals, Interferences, And Judicial Proceedings 

To the best of the knowledge of the Appellants and the Appellants' legal representative, 
there are no other appeals, interferences, or judicial proceedings which will directly affect or be 
directly affected by or have a bearing on the decision of the Board of Patent Appeals and 
Interferences ("the Board") in this appeal. 

IIL Status of Claims 

Application Serial No. 09/845,457 ("the '457 Application") was filed in April 30, 2001. 
As filed, the 6 457 Application included claims 1-19. In a response filed March 28, 2006, claims 
1, 5-11, 14-17, and 19 were amended, claims 20-22 were added, and claims 2-4, 12-13, and 18 
were cancelled. No additional claims have been subsequently cancelled or amended. Claims 1 
and 1 1 are independent. 

Claims 1, 5-11, 14-17, and 19-22 are currently pending in the '457 Application. All of 
the claims were finally rejected in a final Office Action dated July 7, 2006. A Notice of Appeal 
and Pre-Appeal Brief Request for Review were filed October 10, 2006. A Notice of Panel 
Decision from Pre-Appeal Brief Review was issued October 25, 2006, upholding the final 
rejection of claims 1, 5-1 1, 14-17, and 19-22. 
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IV. Status of Amendments 

No claims have been amended or cancelled since the final Office Action dated July 7, 

2006. 

V. Summary of Claimed Subject Matter 

Independent claim 1 relates to an apparatus. The apparatus includes: (i) a client coupled, 
via a network, to a plurality of resources, wherein said plurality of resources is located on an 
application server; and (ii) a system configured to control access to said plurality of resources, 
the system including: (a) a database configured to store a first license policy type, a second 
license policy type, a first policy instance, and a second policy instance, wherein the first policy 
instance is generated using the first license policy type and a first user specific parameter and the 
second policy instance is generated using the second policy type and a second user specific 
parameter, wherein the first user specific parameter and the second user specific parameter are 
associated with a same user; (b) a license manager configured to generate a token using the 
following steps: creating a first sub-token using the first policy instance; creating a second sub- 
token using the second policy instance; and combining the first sub-token and the second sub- 
token to generate the token, wherein the token enables the user to access one of said plurality of 
resources; and (c) a token monitor configured to initiate and terminate access to said one of said 
plurality of resources according to said token, wherein the token monitor is located on said 
application server. The apparatus recited in independent claim 1 is discussed in at least Figures 
1-4, and pages 6-1 1 of the Specification. 

Independent claim 11 relates to a method for managing access to a resource on a 
network. The method involves: (i) creating a first policy instance and a second policy instance, 
wherein the first policy instance is created using a first license policy type and a first user 
specific parameter and the second policy instance is created using a second policy type and a 
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second user specific parameter, wherein the first user specific parameter and the second user 
specific parameter are associated with a same user; (ii) verifying the first policy instance and the 
second policy instance by a license manager; and (iii) generating a token by said license 
manager, wherein the token enables the same user to access said resource, and wherein the token 
is generated by: (a) creating a first sub-token using the first policy instance, (b) creating a second 
sub-token using the second policy instance, and (c) combining the first sub-token and the second 
sub-token to generate the token. The method recited in claim 1 1 is discussed in at least Figures 
2-3 and pages 8-1 1 of the Specification. 

VI. Grounds of Rejection to be Reviewed on Appeal 

The grounds of rejection to be reviewed on appeal are the rejection of claim 1 under 35 
U.S.C. § 1 12 as being indefinite, and the rejection of claims 1,5-11,14-17, and 19-22 under 35 
U.S.C. § 102(e) as being anticipated by Patel. 
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VII. Argument 

A. Claim 1 is not indefinite under 35 U.S.C. § 112, second paragraph 

In this appeal, the Appellant argues that claim 1 is not indefinite under 35 U.S.C. 
§ 1 12, second paragraph, for at least the reasons given below. 

The Examiner asserts that "a single claim which claims both an apparatus and the 
method of using the apparatus is indefinite under 35 U.S.C. § 112, second paragraph, 
because it is unclear which category of invention is being claimed." Office Action dated 
July 7, 2006 at page 2. The Examiner cites Ex Parte Lyell, 17 U.S.P.Q 2d 1548 (BPAI 
1990) in support of the rejection. Lyell states that "a single claim which claims both an 
apparatus and the method steps of using the apparatus is indefinite under 35 U.S.C. § 
1 12, second paragraph." See MPEP § 2173.05(p) (II). Applicants assert that Lyell is not 
applicable to claim 1 . 

Independent claim 1 recites, in part, "An apparatus, comprising ... a client 
coupled ... to a plurality of resources ... and a system configured to control access to 
said plurality of resources, the system including ... a database ... a license manager 
configured to generate a token using the following steps . . . and a token monitor." 

The steps recited in claim 1 describe limitations of a single component (i.e., the 
license manager) of the claimed apparatus. In contrast, the holding of Lyell is directed to 
the scenario in which a claim recites an apparatus and a method for using the apparatus 
and, thus, is not applicable to claim 1. Said another way, the holding in Lyell is only 
applicable to claims that recite an apparatus and a method, where the method describes 
the use of the apparatus as a whole. Lyell is not applicable to elements of an apparatus 
claim that recite steps as limitations of a given component of the apparatus. Thus, the 
Examiner has misconstrued and misapplied the holding of Lyell with respect to claim 1. 
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Accordingly, independent claim 1 is not indefinite under the second paragraph of 35 
U.S.C. § 112. 

B. Claims 1, 5-11, 14-17, and 19-22 are not anticipated by PateL 

In this appeal, the Appellant argues that claims 1, 5-11, 14-17, and 19-22 are not 

anticipated by Patel, for at least the reasons given below. For the purposes of this appeal, 
claims 1, 5-11, 14-17, and 19-22 stand or fall together. Claim 1 is representative of the 
group including claims 1, 5-11, 14-17, and 19-22. 

Under 35 U.S.C. § 102(e), a claim in a patent application may be rejected if "the 
invention was described in (1) an application for patent, published under § 122(b), by 
another filed in the United States before the invention by the Appellant for patent...." 
Furthermore: 

Anticipation under 35 U.S.C. § 102 means lack of novelty, and is a 
question of fact. To anticipate, every element and limitation of the claimed 
invention must be found in a single prior art reference, arranged as in the 
claim. 

Brown v. 3M, 265 F.3d 1349, 1351 (Fed. Cir. 2001) (emphasis added). The Federal 
Circuit has held repeatedly that anticipation requires disclosure of each and every 
element of the claimed invention in a single prior art reference. See, e.g., Sobering Corp. 
v. Geneva Pharms., 339 F.3d 1373, 1377 (Fed. Cir. 2003); Diversitech Corp. v. Century 
Steps, Inc., 850 F.2d 675, 677 (Fed. Cir. 1988); Orthokinetics, Inc. v. Safety Travel 
Chairs, Inc., 806 F.2d 1565, 1574 (Fed. Cir. 1986). 

1. Patel does not disclose creating separate sub-tokens and combining the 
separate sub-tokens to generate a token as recited in claim 1 

Independent claim 1 recites, in part, 

a database configured to store a first license policy type, a second license 
policy type, a first policy instance, and a second policy instance, wherein 
the first policy instance is generated using the first license policy type and 
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a first user specific parameter and the second policy instance is generated 
using the second policy type and a second user specific parameter, 
wherein the first user specific parameter and the second user specific 
parameter are associated with a same user; 

a license manager configured to generate a token using the following 
steps: creating a first sub-token using the first policy instance; creating a 
second sub-token using the second policy instance; and combining the first 
sub-token and the second sub-token to generate the token, wherein the 
token enables the user to access one of said plurality of resources. 

Emphasis added. As recited in claim 1, two sub-tokens {i.e., the first sub-token and the 

second sub-token) are created for the same user. Specifically, each of the sub-tokens is 

created using a policy instance (Le., a first policy instance and a second policy instance), 

where each of the policy instances is associated with the same user. Once the sub-tokens 

are created, the sub-tokens are combined to produce a token that allows the same user to 

access a resource. 

The Examiner asserts that Patel discloses "creating a first sub-token using the 

first policy instance ... creating a second sub-token using the second policy instance ... 

and combining the first sub-token and the second sub-token to generate the token." 

Office Action dated July 7, 2006 at page 4. The Examiner cites the same portions of 

Patel for each of the limitations of creating a first sub-token, creating a second sub-token, 

and combining the first sub-token and the second sub-token to generate the token. See 

Office Action dated July 7, 2006 at page 4. Specifically, the cited portion of Patel states: 

Client License Manager 205 - This component requests licenses ("Access 
tokens") from the License Server 106 when the client wants to run 
applications. The License Server 106 sends art "Access token" to the 
client that can be used to run the applications by presenting it to the 
Application Server 107. Along with the token, the License Server 106 
also sends the expiry time of the token. The Client License Manager 205 
renews the token just before the expiry period so that the client can 
continue running the application. 
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Patel, col. 10, lines 33-43. Patel clearly discloses issuing a single access token for a 
given user to access a resource. However, aside from disclosing that an access token is 
generated (if there is a valid license agreement) and that the access token includes an 
expiration time, Patel does not disclose how the access token is generated. See Patel, col. 
8, 1. 57 - col. 9, 1. 1. In particular, Patel is completely silent with respect to generating a 
token using license policy types, policy instances, and sub-tokens as explicitly recited in 
claim 1. Further, Patel does not contemplate that the token allows the same user to 
access a resource. Therefore, the access token of Patel cannot be considered to be a 
token as recited in claim 1 unless the Examiner ignores express limitations of the claim 
and/or mischaracterizes the teachings of Patel. 

Further, the Examiner is erroneously equating the "expiry time" disclosed in Patel 
to a sub-token. See Office Action mailed July 7, 2006 at pages 4-5. Claim 1 explicitly 
requires two sub-tokens to be combined to produce a single token. In contrast, the expiry 
time is merely a field associated with the single token disclosed in Patel. See Patel, col. 
10, 33-52. No combination of any type is taught or contemplated. Therefore, the "expiry 
time," as taught by Patel, cannot be considered to be a sub-token as recited in claim 1 
unless the Examiner ignores express limitations of the claim and/or mischaracterizes the 
teachings of Patel. Accordingly, creating separate tokens and combining the separate 
tokens to generate a single token, as clearly recited in the claims, cannot be anticipated 
by Patel. 

2. Patel does not disclose initiation and termination of access to a 
resource according to the token 

Claim 1 recites, in part, "a token monitor configured to initiate and terminate 
access to said one of said plurality of resources according to said token." Emphasis 
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added. The Examiner cites Patel, col. 9, lines 9-34 for disclosing this limitation of claim 

1 . See Office Action mailed July 7, 2006 at pages 4-5. As recited in Patel: 

The Application Server 107 - Once the client 113 obtains an "Access 
token" to run an application, it connects to the Application Server 107 and 
presents to it the "Access token" along with the request for the application 
bits ... The Application Server 107 validates the "Access token" by ... 
making sure that the expiration time in the "Access token" has not 
elapsed. 

Patel, col. 9, lines 9-22. This portion of Patel relied on by the Examiner only teaches 
gaining access to run an application based on the access token, provided that the access 
token has not expired. In other words, initiating access to a software application using 
the access token is explicitly disclosed and denying access to a software application if the 
access token has expired is implicitly disclosed in this portion of Patel. 

Patel is completely silent with respect to terminating access to a resource 
according to a token. Instead, Patel discloses a client license manager that "renews the 
token just before the expiry period so that the client can continue running the 
application." Patel, col. 10, lines 41-43. That is, once the client's right to hold the 
license is established, the access token is created and used by the client to gain access to 
an application. In addition, the access token is renewed prior to expiration so that the 
application can continue to be run by the client. In other words, the access token is 
renewed so that the client's access to the application will not terminate while the client is 
using the application. No mention is made of terminating the client's access to the 
application based on the access token once access is initiated and the application is being 
used. Simply put, the recited claims explicitly require termination of access while Patel 
merely teaches denying access. Clearly, equating denying access (i.e., saying "no," but 
maintaining the connection) to terminating access (i.e., cutting the connection 
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completely) is wholly improper and nonsensical to one skilled in the art. Accordingly, 
the "initiation and termination of access to said one of said plurality of resources 
according to a token" cannot be anticipated by Patel. 

C. Summary 

In view of the above, Patel clearly does not expressly or inherently describe each 
and every element of independent claim 1 . Independent claim 1 1 includes substantially 
the same elements discussed above. Claims 5-10, 14-17, and 19-22 depend, directly or 
indirectly, from independent claims 1 and 1 1 . Accordingly, Patel also does not expressly 
or inherently describe each and every element of claims 5-10, 14-17, and 19-22, for at 
least the same reasons. 

vni. CONCLUSION 

As discussed above, claim 1 is not indefinite under the second paragraph of 35 
U.S.C. § 112. Furthermore, Patel does not anticipate claims 1, 5-11, 14-17, and 19-22 
under 35 U.S.C. § 102(e). Accordingly, the Appellants respectfully request that the 
Board reverse the Examiner's rejections and allow claims 1, 5-11, 14-17, and 19-22 of 
the '457 Application. 
Dated: December 11, 2006 Respectfully submitted, 




OSHA • LIANG LLP 



1221 McKinney St., Suite 2800 



Houston, Texas 77010 
(713) 228-8600 



(713) 228-8778 (Fax) 
Attorney for Appellants 
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Claims Appendix 

1 . (Previously Presented) An apparatus, comprising: 

a client coupled, via a network, to a plurality of resources, wherein said plurality of 

resources is located on an application server; and 
a system configured to control access to said plurality of resources, the system including: 

a database configured to store a first license policy type, a second license policy 
type, a first policy instance, and a second policy instance, wherein the first 
policy instance is generated using the first license policy type and a first 
user specific parameter and the second policy instance is generated using 
the second policy type and a second user specific parameter, wherein the 
first user specific parameter and the second user specific parameter are 
associated with a same user; 

a license manager configured to generate a token using the following steps: 
creating a first sub-token using the first policy instance; 
creating a second sub-token using the second policy instance; and 
combining the first sub-token and the second sub-token to generate the 
token, 

wherein the token enables the user to access one of said plurality of 
resources; and 

a token monitor configured to initiate and terminate access to said one of said 
plurality of resources according to said token, wherein the token monitor 
is located on said application server. 

2. (Cancelled) 

13 



Application No.: 09/845,457 Docket No.: 03226/795001; SUN060205 

3. (Cancelled) 

4. (Cancelled) 

5. (Previously Presented) The apparatus of claim 1, wherein the token monitor comprises a 
criteria evaluator, wherein the criteria evaluator is configured to notify the token monitor 
when the first sub-token expires. 

6. (Previously Presented) The apparatus of claim 5, wherein the criteria evaluator is configured 
to use a calendar to determine whether the first sub-token has expired. 

7. (Previously Presented) The apparatus of claim 5, wherein the criteria evaluator is configured 
to use a counter to determine whether the first sub-token has expired. 

8. (Previously Presented) The apparatus of claim 5, wherein the criteria evaluator is configured 
to use a timer to determine whether the first sub-token has expired. 

9. (Previously Presented) The apparatus of claim 1 , further comprising: 

a secondary access database configured to generate a third sub-token using a third policy 
instance, wherein the third sub-token is created after the first sub-token has 
expired and the third sub-token enables the same user to access said one of said 
plurality of resources. 

10. (Previously Presented) The apparatus of claim 1, wherein a notification to create a new 
policy instance is sent to the client after the first sub-token has expired. 

1 1 . (Previously Presented) A method for managing access to a resource on a network 
comprising: 
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creating a first policy instance and a second policy instance, wherein the first policy 
instance is created using a first license policy type and a first user specific 
parameter and the second policy instance is created using a second policy type 
and a second user specific parameter, wherein the first user specific parameter 
and the second user specific parameter are associated with a same user; 

verifying the first policy instance and the second policy instance by a license manager; 
and 

generating a token by said license manager, 

wherein the token enables the same user to access said resource, and 
wherein the token is generated by: 

creating a first sub-token using the first policy instance, 
creating a second sub-token using the second policy instance, and 
combining the first sub-token and the second sub-token to generate the 
token. 

12. (Cancelled) 

13. (Cancelled) 

14. (Previously Presented) The method of claim 11, further comprising: 

creating a third sub-token using a third policy instance, wherein the third sub-token is 
created after the first sub-token has expired and the third sub-token enables the 
same user to access the resource. 
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15. (Previously Presented) The method of claim 11, wherein the license manager allows access 
to the resource for a period of time and the token only allows access to the resource for a 
portion of the period of time. 

16. (Previously Presented) The method of claim 15, further comprising: 

generating a new token when the portion of the period of time expires and additional 
time from in the period of time remains. 

17. (Previously Presented) The method of claim 11, further comprising: 

notifying the user when the first sub-token expires; and 
renewing, by the user, the first sub-token. 

18. (Cancelled) 

19. (Previously Presented) The method of claim 11, further comprising: 

monitoring the first sub-token by a token monitor associated with the resource; and 
terminating access to the resource when at least one selected from the group consisting 
of the first sub-token and the second sub-token expires. 

20. (Previously Presented) The apparatus of claim 1, wherein the first policy type is one selected 
from the group consisting of by user, by usage, by client, by time, by date, and by resource. 

21. (Previously Presented) The apparatus of claim 1, wherein the token monitor is further 
configured to attempt to renew the first sub-token after the first sub-token expires. 

22. (Previously Presented) The method of claim 11, wherein the first policy type is one selected 
from the group consisting of by user, by usage, by client, by time, by date, and by resource. 
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Evidence Appendix 

None. 
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